Posted: Sun Apr 03, 2011 3:41 pm Post subject: How to set up an email server with postfix/cyrus

I'm leaving my shared hosting account with Godaddy and rolling my own with a VPS from vr.org. I have my site set up. Now I need to set up my mail server. I'm going with postfix based on a recommendation. How do I get started? I'm a total n00b to mail servers.

HOWEVER...what that virtual_alias_maps is supposed to do, normally, is define a one-to-one aliasing.
What I've done above takes e-mail for *all four* of those domains, regardless of the recipient, and sends it to 'meat@whitehathouston.com'

what you probably want is luser_relay for unknown recipients, and not the above suggestion
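
An added example, not part of the original posts: a small Python check that reads a Postfix virtual alias table and separates one-to-one entries from the `@domain` catch-all form described above, so that catch-alls can be reviewed deliberately. The table contents, domains and function names are constructed for illustration.

```python
import re

# Constructed sample in Postfix virtual(5) "pattern  address[, address]" form.
SAMPLE_VIRTUAL = """\
# one-to-one aliases
sales@example.org       alice@example.org
postmaster@example.org  alice@example.org,
    bob@example.org
# catch-all: any recipient at these domains lands in one mailbox
@example.net            owner@example.org
@example.com            owner@example.org
"""


def parse_virtual(text):
    """Return [lineno, pattern, targets] entries from a virtual alias table."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments carry no mapping
        if raw[0].isspace() and entries:
            # Leading whitespace continues the previous logical line.
            entries[-1][2].extend(t for t in re.split(r"[,\s]+", stripped) if t)
            continue
        parts = stripped.split(None, 1)
        rest = parts[1] if len(parts) > 1 else ""
        targets = [t for t in re.split(r"[,\s]+", rest) if t]
        entries.append([lineno, parts[0].lower(), targets])
    return entries


def classify(pattern):
    """Name the kind of lookup key a pattern is."""
    if pattern.startswith("@"):
        return "catch-all"   # matches every local part in the domain
    if "@" in pattern:
        return "one-to-one"  # matches exactly user@domain
    return "local-part"      # bare user name, applies to local domains only


def find_catch_alls(text):
    """Return (lineno, domain, targets) for every catch-all entry."""
    return [(n, p[1:], t) for n, p, t in parse_virtual(text)
            if classify(p) == "catch-all"]


if __name__ == "__main__":
    for lineno, domain, targets in find_catch_alls(SAMPLE_VIRTUAL):
        print(f"line {lineno}: all mail for {domain} -> {', '.join(targets)}")
```

A catch-all entry means Postfix accepts mail for every address at that domain, including addresses guessed by spammers, so each one reported here should be an intentional choice.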

I'm leaving my shared hosting account with Godaddy and rolling my own with a VPS from vr.org. I have my site set up. Now I need to set up my mail server. I'm going with postfix based on a recommendation. How do I get started? I'm a total n00b to mail servers.

Start by planning honestly. Once you have it planned out how you're going to handle mailboxes on the backend (for example, you can backend to your regular old /etc/passwd users, so that mail to 'user1@domain1.com' and mail to 'user1@domain2.com' both go to the same place, /home/user1/.maildir, the homedir for a user you've added to the system as per usual with 'useradd', or, you can do the "virtual hosting" nonsense, where user1@domain1 is viewed as different from user1@domain2)

You have it planned out, plain old emerge postfix, then dive through main.cf and master.cf
master.cf basically controls the way Postfix listens for e-mail (e.g. do i listen on tcp 25? do i just listen on a unix socket? which)
main.cf controls acceptance/delivery/routing, that sort of thing. It's your "policy engine" for lack of a better term

audiodef wrote:

Can I use postfix to handle email from two different domains hosted under Apache vhosts?

absolutely. Mind you, postfix doesn't actually use any of apache's configuration info, there's no direct tie like that, but yes, it can. The postfix side of *accepting* mail for multiple domains is easy. Where it requires more thought is deciding on *delivery*, as in, where mailboxes are stored, and how.

_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash

Last edited by cach0rr0 on Tue Apr 05, 2011 10:28 pm; edited 1 time in total

If an example is helpful, I've tweaked my main.cf slightly to reflect your main domain
this would:
-accept mail for audiodef.com
-accept mail for my domains too actually (since i was lazy and left them in that file)
-deliver them to cyrus-imap via lmtp

Now, in my case, I don't do any recipient validation, since I route everything to myself
Before I did that, though, I used cyrus-imap, with the "autocreate" patch, which basically just meant, any username at my domains would be considered valid, and cyrus would automatically create a mailbox for any new email address it sees (which, would be any address that makes it past postfix). Cyrus has its own little storage backend, rather than storing mail directly on disk.

EDIT: I should really write up a new guide for this. The existing one is fine I guess, but I don't much care for Courier. Rather write something for cyrus, or dovecot.

the guide works, just not personally a fan of courier, nor backending things to a database - but that's a personal preference.

For any of these setups, the postfix side is fairly trivial insofar as making the mail go where your IMAP/POP daemon wants it to be. Most of the difficulty is in planning out how you want your imap/pop client to store the mail. The above guide works perfectly well if you don't mind backending to mysql.

I may have missed something about changing my MX entry in my Godaddy account. Currently, it's set to

mailstore1.secureserver.net
smtp.secureserver.net

aye, those are the defaults, for folks who host their mail with godaddy

audiodef wrote:

Do I simply change that to audiodef.com (since audiodef.com now points to my VPS where I'm setting up postfix)?

That will work, yes. Set up only MX record, for the domain 'audiodef.com', with the MX pointed at 'audiodef.com' with a priority of zero if you can, if not that then 5

Can also add a new A record, that still points at the same host, but named, say, 'smtp.audiodef.com', and then set your MX to be 'smtp.audiodef.com' - this gives you no functional advantage, just easier on the eyes (for me personally) to see an MX that's host.domain.tld and not domain.tld - even though strictly speaking domain.tld is fine.


Actually, I don't mind that at all. I do other things with MySQL, so while I can't think of WHAT exactly I could do off the top of my head, I could possibly play around with database-stored mail and my other projects.

that guide doesn't actually store message contents in the database
what it does is use the database to lookup where a mail should be stored for a particular user

(I may have misspoke or been a touch confusing above)

basically something like 'select mailbox from blah', save result as $foo, mail goes to /home/vmail/$foo

Hm. I can't seem to change the default settings in my Godaddy account. It just won't let me do it, with a "the settings that could be saved have been saved" message. I could add another record, but the defaults are still there. Is this going to cause problems?

In this guide, code listing 9.2 is somewhat ambiguous. I did have a default ssl conf, but...

Do I add a NameVirtualHost host.domain.name:443 and at what point in the file, if so?

None of that is strictly necessary unless you want phpmyadmin. I tend to avoid it, if nothing else because it has a relatively long and seedy history of nasty vulns. Not that there are better packages out there for such a thing, but an unnecessary risk as the tool itself is unnecessary (IMHO - I just do all my mysql stuff on the command line, and actually find it a bit easier)

However, even for using phpmyadmin via SSL, the default setting for NameVirtualHost at the top of 00_default_ssl_vhost should be fine.
The format of this file is basically the same as 00_default_vhost.conf, except a few params added to turn on SSL, and paths to the keys/certs provided:
(mine)

Now, there are a handful of ways to access phpmyadmin
You can either just do:

Code:

cd /path/to/audiodef.com/htdocs
mkdir phpmyadmin

and access phpmyadmin by just going to http://audiodef.com/phpmyadmin
OR
if you want to have a different dedicated URL for this, you'd need to add a new CNAME in godaddy called, for example, 'dbadmin' that points at '@', which would mean you could browse to dbadmin.audiodef.com and hit this server

Now, how do you tell apache to serve different files for 'dbadmin.audiodef.com' than you do for just 'audiodef.com' ?
A new virtualhost. HTTP (or HTTPS) requests to any hostnames that match the ServerName or ServerAlias directives inside a <VirtualHost> block, will have that block's files served. So in this case, you'd add a new VirtualHost block, set the ServerName value to dbadmin.audiodef.com, and make its DocumentRoot point to /path/to/phpmyadmin/installation/htdocs

Quote:

host.domain.name = ? On my hosting account, I named my server serverdef, so does host.domain.name = audiodef.com or does it = serverdef.audiodef.com?

If you want people to be able to browse to 'serverdef.audiodef.com' (just as an aside, i realize that's not what you're asking) you'd need a new DNS entry at GoDaddy, probably another CNAME pointed at @, and then add 'serverdef.audiodef.com' to the ServerAlias value for whichever VirtualHost you want such requests to be routed to (or, if you want serverdef.audiodef.com to serve completely different content, add a new VirtualHost block specifically for that purpose, point it at whichever path in the DocumentRoot that'll have the files you want to serve, and that's done and done)
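
An added example, not from the thread or the guide it discusses: the lookup described above ('select mailbox from blah', with the result appended to /home/vmail), written in Python with a bound query parameter and a check that the stored path cannot leave the mail root. The table and column names, the sample rows and the use of SQLite in place of MySQL are assumptions.

```python
import posixpath
import sqlite3

MAIL_ROOT = "/home/vmail"  # base directory mentioned in the post


def build_demo_db():
    """Constructed in-memory table; schema and rows are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, mailbox TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [
        ("user1@example.org", "example.org/user1/"),
        ("broken@example.org", "../../etc/"),   # corrupted or hostile row
        ("abs@example.org", "/tmp/elsewhere"),  # absolute path in the table
    ])
    return db


def resolve_maildir(db, recipient):
    """Return the delivery directory under MAIL_ROOT, or None if unknown.

    Raises ValueError when the stored value would resolve outside MAIL_ROOT.
    """
    # Bound parameter: the recipient address is untrusted SMTP input.
    row = db.execute(
        "SELECT mailbox FROM users WHERE email = ?", (recipient.lower(),)
    ).fetchone()
    if row is None:
        return None
    candidate = posixpath.normpath(posixpath.join(MAIL_ROOT, row[0]))
    # Do not trust the stored value blindly: delivery must stay under the root.
    if posixpath.commonpath([MAIL_ROOT, candidate]) != MAIL_ROOT:
        raise ValueError(f"mailbox for {recipient!r} escapes {MAIL_ROOT}")
    return candidate


if __name__ == "__main__":
    db = build_demo_db()
    for rcpt in ("user1@example.org", "nobody@example.org' OR '1'='1",
                 "broken@example.org"):
        try:
            print(rcpt, "->", resolve_maildir(db, rcpt))
        except ValueError as exc:
            print(rcpt, "-> rejected:", exc)
```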

actually
I'm going to see if i can get a howto written faster than you can finish up that piece of doc, because I really really don't like that doc
that, and, i was just poking around inside cyrus' configuration files, it looks to be much easier to do the 'virtualdomains' nonsense with cyrus

I'm about a third of the way finished. The last "plain english" doc I did, I took my time, drew up an outline, and it was all fairly organized. Trying to wing it on this one, brain is all over the place.

So, a disclaimer here.
I haven't slept in a while, just finished this, and I'll be damned if it isn't an all nighter that ends with me hitting the final :wq at noon the next day!
What that means is, this isn't thoroughly tested.

Like I said, some of it was done on zero sleep, so I can't promise I've completely tested everything. But well, at least the page validates as HTML 4.01 Transitional

It should be solid, though. If you get to where you try it out, or if anyone else reading this fancies trying it out, feedback appreciated. I think it may still be a useful read even for people reading the existing docs, because it goes into greater detail breaking things down, explaining how things piece together, WHY you do something instead of just "copy and paste this, ok now copy and paste this". But that's a matter of opinion I suppose.

~1000 lines of HTML in vi and I'm pretty sure my ass is broken, but the lil fucker is done. I'll probably go through it after a nap and a weekend boozer to see if I've missed anything obvious.